From c6e568b55acea85bfb63f7dc4a4e13de07c00b7e Mon Sep 17 00:00:00 2001
From: Sylvain Beucler <beuc@beuc.net>
Date: Tue, 23 Feb 2021 14:42:52 +0100
Subject: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875/golang-1.7,golang-1.8:
 track for stretch, reference regression fix

---
 data/CVE/2018.list | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'data/CVE/2018.list')

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 9eba002158..aa6295e880 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -11773,23 +11773,31 @@ CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a
 CVE-2018-16875 (The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...)
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/29233
 	NOTE: https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 (1.11.3)
 	NOTE: https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d (1.10.6)
 CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/29231
-	NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
-	NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
+	NOTE: See CVE-2018-16873 for patches and regression fix
 CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/29230
 	NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
 	NOTE: https://github.com/golang/go/commit/5aedc8af94c0a8ffc58cbd09993192dea9b238db (1.11.3)
 	NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
 	NOTE: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be (1.10.6)
+	NOTE: https://github.com/golang/go/issues/29241 (regression)
+	NOTE: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656 (1.10.7)
+	NOTE: https://github.com/golang/go/commit/ef209c9eb1216252ee7a59d78156ad9dcccab656 (1.11.4)
 CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ...)
 	{DSA-4454-1 DLA-1694-1}
 	- qemu 1:3.1+dfsg-2 (bug #916397)
-- 
cgit v1.2.3